On collaborative work, you would give access to others who would be helping you out on the code or system admin stuff.

The question would be, how limited can you go with granting access to the users?

The first thing would be adding the user to the sudoers list, lets say you have created a new user named tom and you want to grant sudo access to this user

You can edit the sudoers file with whatever editor you are using. But the most recommended way would be using visudo

sudo visudo

Grant all the access to user

If you want to give the world access to the user, then add the following line and save the file

tom ALL=(ALL) ALL

tom is the user you want to grant permissions and the first ALL is for the host and the ALL in the bracket is referring to other accounts the user sudouser can act as and the final ALL would be for list of commands – in this case tom has every access provided.

Grant only some commands

Lets say you want to give tom an access of copy and renaming a file

tom ALL=/bin/cp,/bin/mv

The above command would tell the system the user tom has access to cp and mv only. You might need to check the correct binary to cp and mv using which command. That is which cp would tell you the right path to the binary of the cp.

Allow the user everything but installing new softwares using apt-get

Ok, so you might want to give every access to the user but you want to limit installing new softwares using apt-get

tom ALL=ALL,!/usr/bin/apt-get

Here tom can do everything but not apt-get. If you add the ! in front of the command, it means don’t allow.

So using the combinations of the above you can reach the level where you can grant and deny any command for the user of interest